php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #25713 endless self call loop
Submitted: 2003-10-01 09:53 UTC Modified: 2003-10-01 19:34 UTC
Votes:3
Avg. Score:3.7 ± 1.9
Reproduced:2 of 2 (100.0%)
Same Version:1 (50.0%)
Same OS:2 (100.0%)
From: kevin at netflex dot nl Assigned:
Status: Wont fix Package: Reproducible crash
PHP Version: 4.3.3 OS: Windows/Netware and maybe more
Private report: No CVE-ID: None
View Developer Edit
 [2003-10-01 09:53 UTC] kevin at netflex dot nl 
Description:
------------
if you create an function that calls himself with an pass by ref. variable then as a result PHP crashes.

tested with:
* PHP 5.0.0b2-dev (snapshot: php5-win32-200309251030.zip) on Windows (Apache2 2.0.47 and Windows 2003)
* PHP 4.3.3 on Windows (Apache2 2.0.47 and Windows 2003)
* PHP 4.2.3 on Netware (Apache2 2.0.47 and Netware 6.5)

In the web browser appears the page: "can't find server"
and in the log files there is no information about the error/crash

Reproduce code:
---------------
crash($test = 0);

function crash(&$test) {
	if ($test < 10)
		crash($test);
	$test++;
}

Expected result:
----------------
the variable test with an value of (int)10

Actual result:
--------------
with PHP4 on Windows only php crashes and with PHP5 on Windows and PHP4 on Netware both php and apache2 crashes.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2003-10-01 10:08 UTC] kevin at netflex dot nl 
The problem isn't with the call by ref. but with the following situation:

if you have an function that calls himself endless then PHP crashes.

See the firt post for more information.
 [2003-10-01 10:33 UTC] sniper@php.net 
1. You didn't search the bug database first
2. This is expected.
3. We won't "fix" it.
 [2003-10-01 11:14 UTC] kevin at netflex dot nl 
1. we did
2. buffer overflow?? is this normal for you??
3. i don't agree, i could crash any php hosting if i want.

;-)
 [2003-10-01 11:36 UTC] moriyoshi@php.net 
function crash(&$test) {
	if ($test < 10)
		crash($test);
	$test++;
}

There's no chance $test is incremented. So no matter how the variable is passed to the function, it will definitely go into an infinite loop and end up eating up all the stack area which really causes segmentation fault.
 [2003-10-01 11:49 UTC] kevin at netflex dot nl 
i know, (mistake from me ;-).

But now the problem is that i can crash the server if i want by making an endless loop (with calls).
 [2003-10-01 13:23 UTC] moriyoshi@php.net 
You should first try hard to crash it with that tiny script.
If it really was to go wrong, then reopen this bug to let us know what did actually happen on your server :)
 [2003-10-01 13:34 UTC] moriyoshi@php.net 
Anyway, that's expected behaviour as stated in other bug reports.
 [2003-10-01 16:54 UTC] kevin at netflex dot nl 
script to crash the server:

crash();

function crash() {
  crash();
}


tested with:
* PHP 5.0.0b2-dev (snapshot: php5-win32-200309251030.zip) on Windows
(Apache2 2.0.47 and Windows 2003)
* PHP 4.3.3 on Windows (Apache2 2.0.47 and Windows 2003)
* PHP 4.2.3 on Netware (Apache2 2.0.47 and Netware 6.5)
 [2003-10-01 19:34 UTC] sniper@php.net 
We know this, now leave this closed.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Sat Dec 21 15:01:29 2024 UTC